Over the last few years, we have seen a year-on-year increase in cybercrime and security breaches targeting everyone from large corporations to regular users like us.
This trend is set to continue as cybercrime grows exponentially and the cybersecurity skills gap widens. In the U.S. alone, there are thousands of cybersecurity jobs currently vacant.
Tech companies have set themselves the goal of protecting against cybersecurity breaches, which can be devastating and costly. This is causing cybersecurity and infosec hiring to increase rapidly.
By 2021, projections estimate that there will be around 500,000 unfilled industry vacancies.
Why Get a Cybersecurity Certification?
Why? To become the ideal candidate that companies and employers are looking for!
When evaluating potential candidates for cybersecurity and infosec roles, employers look to certifications as a way of measuring their capabilities. Simply having one or two good certifications under your belt can be enough to get you considered, and possibly hired. That is, if you also have some experience.
On this page, we will look at some of the industry’s best cybersecurity certifications—from entry-level certifications to more advanced ones—what they are, what they mean, what they involve, and how to get them.
Simply having experience and/or a degree no longer cuts it, even if you’re from the tech or IT industry. Certifications are effective ways to validate yourself as a candidate, demonstrate your skills, and show prospective employers that you are fit for the job of protecting them and their assets.
Top 3 Cybersecurity Certifications in 2019
Without further ado, here are the most in-demand cybersecurity certifications right now in 2019.
1. CompTIA Security+
Duration: 90 Minutes
Format: Multiple Choice, Performance Based
CompTIA Security+ is one of the most fundamental cybersecurity certifications available anywhere—it provides a basic foundational understanding of key subjects such as vulnerabilities, risk management, and cryptography, among other things.
With Security+, you will begin to understand how to properly install, configure, and deploy systems in addition to securing devices, networks, and applications. It is the first security certification that many IT professionals earn. It helps to establish demonstrable core knowledge and skills that any cybersecurity role will demand.
Focussing on the latest trends, Security+ covers everything from IT auditing to penetration testing at a junior level with a particular focus on intrusion detection and risk management and mitigation.
In order to pass CompTIA Security+, you will need to have a comprehensive understanding of—
- Network architecture and network design
- Risk and vulnerability management
- Modern threats, attacks, and vulnerabilities
- Identity and access management
It also provides a way in for mid-level cybersecurity jobs. At the end of the course, you will also be able to perform threat analysis on these systems and deploy techniques to mitigate threats and vulnerabilities.
If you are looking for a job in the cybersecurity industry, Security+ is a certification that should be considered the basic, bare minimum for getting into key junior cybersecurity roles such as—
- Security engineering
- Cybersecurity analyst
After finishing Security+, most people work internally within organizations and specialize further by taking additional certifications further down the line.
2. CompTIA Network+
Duration: 90 Minutes
Format: Multiple Choice, Drag and Drop
Security+ assumes that you have a background in tech and understand the basics of networking and other IT fundamentals. If you don’t, CompTIA Network+ is a great starting point. The saying goes that you have to learn to walk before you can run, and this is something that applies to the cybersecurity industry.
While Network+ is itself not necessary for most jobs in the cybersecurity industry, it provides the basic foundations of knowledge for everything related to networking and how computers and networks communicate with one another.
The Network+ course ensures that an IT professional has the skills to—
- Design and deploy networks
- Configure, manage, and maintain network devices
- Troubleshoot network problems
- Implement network security, standards, and protocols
It covers other skills as well. Note that it is designed for IT professionals. If you are not an IT professional or don’t have a tech background, CompTIA A+ is the best starting point.
After completing the CompTIA Network+ course, many doors are opened to entry-level IT roles.
It provides the perfect foundation for you to delve deeper into the cybersecurity industry by starting in an entry-level job or taking additional certifications such as Security+.
Some of the jobs that will open up after completing Network+ include—
- Systems administrator
- IT manager
- Network administrator
3. Certified Information Systems Security Professional (CISSP)
Duration: 6 Hours
Format: Multiple Choice, Advanced Innovative
CISSP is an advanced-level certification that is obtained through the International Information System Security Certification Consortium, (ISC)2.
Before you can take the exam, you need to have at least five years’ worth of experience in a relevant industry and have a working knowledge of at least two out of eight Common Body of Knowledge domains—
- Security and risk management
- Asset security
- Security engineering
- Communication and network security
- Identity and access management
- Security assessment and testing
- Security operations
- Software development security
In addition to this, you must also go through the endorsement process, which requires you to agree and subscribe to the (ISC)2 Code of Ethics and requires another (ISC)2 certified professional to sign your form as verification of your experience.
As a top-level certification aimed at established professionals, CISSP covers advanced topics such as vulnerability management and mitigation in web systems, professional ethics, and advanced cryptography. The course can be taken with specific concentrations depending on the candidate’s experience and specialism; some of these concentrations include engineering and architecture.
After completing CISSP, some of the typical job options include—
- Information security analyst
- Information security manager
- Senior information security officer
What We Do NOT Recommend
Certified Ethical Hacker (CEH)
Duration: 4 Hours
Format: Multiple Choice
CEH is offered to people who want to specialize in a penetration testing (ethical hacking) role. It is not a certification anybody can just dive into. As a pre-requisite, candidates must have two years’ experience working in the IT industry before taking the exam.
The goal of CEH is to make you act and think like a hacker in your work so you can prevent attacks against your employer or clients. But in reality, they try to teach a ton of subject matter that is not useful at all.
CEH is taken through the EC-Council. It is a core course that you must pay to take before you can take “more advanced” certifications such as the Certified Security Analyst (CSA) and Licensed Penetration Tester (LPT).
Using your own systems, you will go through the hacking lifecycle—recon, gaining access, enumeration, maintaining access, and covering your tracks—so you can learn to think and act like a hacker.
The CEH certification is designed to train you on how to identify weaknesses within a network so that they can be fixed, but it’s more fluff than anything. There are even answer keys to exams if you look hard enough.
People have also reported errors in formatting, questions, and even basic grammar.
After completing the CEH certification, you’ll have yet another certification under your belt. Perhaps you can fill some cybersecurity roles such as:
- Junior penetration tester
- Advanced threat analyst
- Information security assessor
Licensed Penetration Tester
Duration: 6 Hours per level
Another certification offered by the EC-Council is the Licensed Penetration Tester. This is considered an expert-level certification and is designed to separate the experts from the novices in the field of penetration testing. As the EC-Council website says—there are good penetration testers and then there are great penetration testers.
There are no formal employment requirements for taking the LPT certification and anybody can do it; however, the EC-Council has the following words of wisdom—
“Unless you are bent on being nothing other than the best in penetration testing, don’t bother registering for this program, as you are probably not cut out for it.”
That’s a terrible piece of advice. Just look at the best in the industry – do any of them have training from EC-Council? No.
It is recommended that candidates meet one of the following as well—
- At least 2 years’ experience as a penetration tester
- Have the ECSA certification
- Have another industry certification such as OSCP or GIAC
Most serious organizations hire licensed penetration testers to legally attack and break into their networks to uncover security flaws and loopholes. Does EC-Council provide legitimate certifications they will actually consider? We leave it up to you to research this.
After completing the certification, some of the jobs they say you can get are—
- Senior security consultant
- Senior licensed penetration tester
- Senior cybersecurity engineer
But in our professional opinion, you need far more than training and certifications to fulfill a senior role in any serious organization. And they will know that you were gullible enough to go after this certification.
Your Future as a Cybersecurity Expert
There are many levels at which you can start your journey, beginning with entry-level jobs that will get you experience and exposure in cybersecurity. Similarly, with your certifications and current experience, you can be a valuable addition to a company’s existing infosec or cybersecurity team.
With cybersecurity salaries currently in good shape across different tech roles, you just need to be disciplined and driven, with a clear goal in mind, to build a meaningful career.
To summarize, the cybersecurity industry has been taking shape and has become a giant part of tech companies.
The tech landscape is shifting towards top-notch security policies and standards, with tech companies promising to keep their customers’ data safe and secure. And you can be one of the professionals delivering on that promise.